In today’s digital age, it seems we’re constantly hearing about large-scale hacks that jeopardize our personal information and expose us to potential identity theft. Most of these hacks target financial data: credit card numbers, bank accounts and the like. As a result, the financial industry has taken decisive steps to improve cybersecurity.
The financial incentives for health care hacks
But the threat of security breaches also lurks in another area – the health care industry. Electronic medical records contain a wealth of sensitive patient data, including social security numbers and financial information. Over the last few years, several hacks into health care insurers have put millions of patients at risk.
Even scarier, medical devices are increasingly joining the “Internet of Things.” Inadequate security protocols could make them susceptible to hacking. Imagine, for example, if someone could access your pacemaker or infusion pump. The consequences could be fatal.
Why would hackers do such a thing? For one, medical devices could provide a portal into larger networks that house valuable patient information. For another, hackers could use such a newsworthy event to manipulate stock markets for their own financial gain, cashing in on the panicked fallout.
The numbers illuminate drastic shortcomings
Health care lags far behind the financial industry when it comes to cybersecurity. On average, financial institutions devote 10% of their budgets to cybersecurity. Health care institutions only set aside roughly 3-6%. What’s more, according to some estimates, the health care industry as a whole is only 30-50% in compliance with cybersecurity regulations.
Recognizing these shortcomings, the Healthcare Information and Management Systems Society (HIMSS) – a nonprofit watchdog organization – recently recommended that the health care industry adopt more robust cybersecurity frameworks. It also proposed that the Department of Health and Human Services take a stronger role in modeling information security, and that state and local governments take steps to remedy the IT workforce shortage.
While changes won’t happen overnight, one thing is clear: They do need to happen soon, not only for the sake of patients’ privacy, but also for their safety.